Bitcoin Core developer exits Lightning Network development: Security concerns exist
Bitcoin Core developer Antoine Riard revealed on Friday in a public email from the Linux Foundation that he will be stepping back from his work on Lightning Network development and validation, citing the current threat of replacement cycling attacks, which pose a risk to the security of the Bitcoin network and its users.
What is the Lightning Network?
The Lightning Network is a payment and transaction system built on top of the Bitcoin network, offering low-cost and instant payments by creating off-chain transactions.
As a popular Layer 2 solution, the Lightning Network is expected to remain usable and unaffected when Bitcoin transaction volume surges or the network becomes congested.
Bitcoin Core Developer Withdraws from Lightning Network Development
Citing fundamental challenges faced by the Bitcoin system, Bitcoin Core developer and security researcher Antoine Riard publicly announced his withdrawal from Lightning Network development. He pointed to a new type of vulnerability, the replacement cycling attack, which threatens the security of the Lightning Network.
I will stop contributing to the development and deployment of the Lightning Network, including coordinating security issue handling at the protocol level, effective immediately.
Reportedly, the core of the so-called "replacement cycling attack" lies in manipulating the Hash Time Locked Contract (HTLC), the mechanism that secures the network.
How does a lightning replacement cycling attack work?
There's a lot of discussion about this newly discovered vulnerability on the mailing lists, but the actual mechanism is a bit hard to follow.
So here's an illustrated primer…
🧵 1/n pic.twitter.com/mvvS8bEc5f
— mononaut (@mononautical) October 21, 2023
In essence, this attack exploits the Lightning Network's time limit mechanism: it forces participants to broadcast transactions, then uses high transaction fees to replace the original transactions, ultimately putting the funds under the attacker's control. Participants would be unable to recover their funds and would suffer losses.
Issues Extend to Bitcoin Network Base Layer
The complexity and potential danger of the aforementioned attack have raised concerns among developers, with Riard stating that the Lightning Network is currently in a "dangerous" position:
I believe this new type of replacement cycling attack is putting the Lightning Network in a very dangerous position, and changing the base layer of the Bitcoin network may be the only truly effective and sustainable solution, such as adjusting how Bitcoin transaction history is stored or undergoing some kind of consensus upgrade.
Furthermore, while the currently deployed preventive measures may be effective against simple attacks, he believes they are insufficient to deter more powerful attackers.
Riard also pointed out:
These changes will require maximal community consensus and participation, as we will be altering the processing requirements of all nodes or the security architecture of the Bitcoin ecosystem.
Lastly, he emphasized the need to fully explain to the community the necessity of making these changes, and even suggested conducting attack simulations on the entire public Bitcoin ecosystem to maximize security.
This poses a difficult dilemma where we must get this right from the start, or there may not be many chances to fix it in the future as the network operates.